| Title | CRMEB is vulnerable to Broken Access Control |
|---|
| Description | CRMEB <= 4.6.0 is vulnerable to Broken Access Control.It has been declared as problematic.One of the interfaces in CRMEB can return the token directly, and by replacing the token you can bypass the authentication to upload the image, and then you can use phar deserialization.This issue affects some unknown processing of the route /api/wechat/app_auth |
|---|
| Source | ⚠️ https://github.com/HuBenLab/HuBenVulList/blob/main/CRMEB%20is%20vulnerable%20to%20Broken%20Access%20Control.md |
|---|
| User | p0ison (UID 37575) |
|---|
| Submission | 06/06/2023 08:17 (3 years ago) |
|---|
| Moderation | 06/14/2023 07:31 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 231503 [Zhong Bang CRMEB up to 4.6.0 Image Upload /api/wechat/app_auth deserialization] |
|---|
| Points | 19 |
|---|